Kewajiban Data Controller dan Data Processor Dalam Data Breach Terkait Pelindungan Data Pribadi Berdasarkan Hukum Indonesia dan Hukum Singapura: Studi Kasus Data Breach Tokopedia

Main Article Content

Alvansa Vickya
Reshina Kusumadewi

Abstract

Abstrak


Peraturan perihal Pelindungan Data Pribadi didasarkan atas Fair Information Principles sebagai prinsip-prinsip yang mengatur hubungan antara bisnis dan pemerintah yang mengumpulkan, menggunakan, dan membuka informasi personal mengenai subjek data yang digunakan oleh banyak negara. Kemudian, muncul European Union General Data Protection Regulation 2016 sebagai golden rule yang menjadi patokan bagi aturan-aturan negara lainnya seperti Singapura. Pengaruh golden rule terhadap Personal Data Protection (Amendment) Act 2020 milik Singapura dapat dilihat pada konsep Data Controller, Data Intermediary/Processor, dan Data Breach. Dalam penelitian ini digunakan metode penelitian hukum yuridis normatif. Berdasarkan penelitian tersebut ditemukan bahwa peraturan perihal Pelindungan Data Pribadi di Indonesia yang ada pada saat ini masih terpisah-pisah dalam beberapa peraturan. Di dalamnya, tidak dikenal konsep Data Controller dan Data Processor sehingga tidak terdapat perbedaan antara penyelenggara sistem elektronik yang melakukan kontrol dan kelola atas data pribadi. Selain itu, tidak terdapat juga pengaturan perihal data breach. Hal ini berbeda dibandingkan dengan Singapura yang telah membagi antara Data Controller dan Data Intermediary sehingga terdapat kejelasan mengenai perbedaan kewajiban dan pertanggungjawaban di antara keduanya dalam hal terjadi data breach.


Kata Kunci: Pelindungan Data Pribadi, Data Pribadi, Data Breach, Data Controller, Data Processor


 


Abstract


The regulations regarding the Personal Data Protection are based on the Fair Information Principles as the principles governing the relationship between businesses and governments that collect, use and disclose personal information about data subjects used by many countries. Furthermore, the European Union General Data Protection Regulation 2016 emerged as the golden rule which became the benchmark for the regulations of other countries such as Singapore. The effect of the golden rule on Singapore's Personal Data Protection (Amendment) Act 2020 can be seen in the concept of Data Controller, Data Intermediary/Processor, and Data Breach. This research uses normative juridical legal research methods. Based on this research, it was found that the existing regulations regarding Personal Data Protection in Indonesia are still separated in several regulations. Moreover, there are no concepts of Data Controller and Data Processor so that there is no difference between electronic system administrators who control and manage personal data. In addition, there are also no regulations regarding data breach. This is different from Singapore, which has divided Data Controller and Data Intermediary so that there is a solution regarding the differences in obligations and responsibilities between the two in the event of data breach.


Keywords: Personal Data Protection, Personal Data, Data Breach, Data Controller, Data Processor

Article Details

Section
Articles